Cyber Security Related Excerpts from the Global Risk Forum Berlin September 25-26, 2013 Draft 10/24/13
- Adelia Oliver
Forwarding an International Public-Private Framework for Cyber Security & Resilience: With Increasing Cyber Impacts, Creating a Truly International and Public-Private Framework for Cyber Security & Resilience is Imperative.

Session One - Clarifying Challenges & Identifying Key Elements for an Effective Cyber Framework

To understand security and resilience on the Internet a participant explained, When we talk about cybersecurity and internet infrastructure, it's important to understand what elements of it changed our social and economic lives.

Internet invariants include:
- Global connectivity and integrity (global reach and consistent view from any point)
- Permission-free innovation (yet undiscovered functionality)
- Accessibility (anyone can contribute and become part of it)
- Spirit of cooperation (foundation for evolution and resiliency - 80% of network operation agreements aren't contract-based)

The security landscape complexity is comprised of a number of issues:
- Open platform / open to attack and intrusion
- Permission-free innovation / development and deployment of malware
- Global reach / attacks and cyber crime are cross-border
- Voluntary collaboration / hard to mandate

There are a number of ways we search for safety:
- Risk management approach (there is no absolute security)
- Managing inward and outward risks (shared risk management and collective responsibility), for example: we talk about DDoS attacks. They are so easy a kid can do them. They're possible because of weaknesses in the IP system. Some ISPs allow IP spoofing. There's no incentive for them to prevent IP spoofing, because it doesn't help their network personally. But it is a huge threat to the rest of the ecosystem.
- Preserving the Internet Invariants (protecting the opportunities for growth and prosperity). Fragmenting the internet creates as many problems as it solves.
Ingredients for cyber security solutions include international cooperation (most issues are cross-border) and preservation of Internet values.

Another remarked on cyber security trends, We see a move towards collaboration, but mostly it's bilateral or regional so far. EU has an initiative, the African Union has made some progress. We also see tensions. People are worried about security and their data being seen. There are risks of fragmentation if we don't resolve these issues. What we think we need is a globally inclusive debate that avoids a cycle of pushing and backlash, and avoiding a digital Hindu Kush. The global environment is not isolated. We don't want to build a stable multinational system that can be attacked by someone with a server in some small isolated, unreachable country. So we must involve all countries.
Another noted, Cyber security is a slippery term, but it's really related to information security. It's important to understand that it's not just a technological issue. It's too important to be left to technical people. It's physical, and it's involving more traditional issues.

A participant remarked, The EU is rather different for those of us used to dealing on the national political level. The EU body is not like a national cabinet, where more or less everyone has the same priorities. A country comes in with its own interests represented by its own commissioner. And other commissioners are pulling in different directions. The Internet Security Alliance may have a better approach, bundling the interests of the private sector into one unified voice, rather than the auction house atmosphere of the EU commission presently.

In discussing cyber security versus information security, the question was raised as to the definition of cyber security and how it differs from information protection. In the EU it's more about privacy. In the U.S. it's more about critical infrastructure protection. Even in the insurance industry, in the U.S., insurance thinks cyber is about notification after breaches, but the government still thinks it's all critical infrastructure.

Session Two - Towards a Cyber Security Framework the Proposed U.S. Model: Using the proposed U.S. framework as a Straw Man to identify potential approaches, weaknesses and gaps

In opening this discussion the point was made that all of us born before 1980 or so are digital immigrants. The majority of people alive today were not born into the digital world so we don't get this stuff naturally and neither do those responsible for making policy around it.

A participant noted, We have to deal with this like we're living through the invention of gunpowder. There are DHS reports that say that following good cybersecurity practices will make you more efficient and more profitable. That's actually not true!
Going digital, having long supply chains, bring-your-own-devices, cloud computing, makes you more profitable but yet less secure. We must manage both of these.

The point was made that the technology is under attack and we need to focus on the economics and the public policy solutions, not on defense by building bigger walls. It is estimated that there are 3 million different malware programs running around in the world. Each person will generate 5200GB of data within a few years.

A participant argued, I don't agree that only the major European countries can be persistent in this effort. Some of our leading countries are very far behind on cybersecurity. We need decisions and rules, and don't have them. We could be talking about this for the next 20 years without anything happening.

He went on to say, This EU directive is very, very vague. NATO is in a little bit better shape. They have several million incidents daily, and they at least check some of them out. Hungarian cyber security has worked on this for more than three years. They are most interested in prevention. We have to change the mindset.

Another participant, drawing on both his public sector and private sector experience, indicated that when you analyze actual attacks you see there are about 90 attacks a year on major organizations. When you investigate these more closely you see that a lot of these are caused by poor security hygiene, such as bad passwords and system misconfigurations.
He continued, What I find is, the compliance route has some benefit sometimes. What really for this environment matters is people coming together and creating environments in which they can collaborate and then underpin that environment with services that allow them to paint a picture of situational awareness. It's about two-way information sharing. What do you share? What's actionable? If you're dealing in these environments, what insights can you see and what can I do about it? If you've got the Syrian Electronic Army or Anonymous, and you see the pattern of an attack forming, you're in the moment.

Suggested key takeaways were:
- Define who we're trying to approach
- What is critical -- disruption of service, loss of life, economic damage
- What is the outcome we're trying to achieve
- What do you really want reported out from your organization?
- How much monitoring do you want? How much can you get?

The participant went on to explain, Frameworks help you think through the challenges. The voluntary approach lets people apply it to their own standards. You have to have an ecosystem of intelligence collection and processing. Boards want to know what the impact is. If the intel framework isn't delivering it -- you have to process the governance part.

The evolution of the U.S. approach was laid out this way:
- Bush administration, hands off the internet
- Obama first term - expanded DHS authority over Cyber Infrastructure to mandate adoption of federal security standards and mandatory notification of incidents with possible penalties
- Obama second term - voluntary program focuses on industry developed standards reinforced by government incentives.

A participant noted, The EU and U.S. have diverging strategies. Blaming the victim encourages more attacks. Public penalties encourage punitive attacks. Regulation is an outdated model to address the modern cyber threat. Government and industry assess risk differently... the problem is that we're not Cyber Structured.
In 95% of organizations the CFO isn't directly involved in information security. Two-thirds of companies don't have risk plans. Less than half don't have a formal risk management plan. A third of those who do don't consider cyber in their plan.

It was explained that the U.S. framework does five things:
1. makes organization-wide decisions
2. establishes a target profile
3. establishes a current profile
4. compares target and current profiles
5. implements target profile

The organization must have a full risk management cycle: identify, protect, detect, respond, recover.

The framework implementation tiers are:
0 - partial
1 - risk informed
2 - repeatable
3 - adaptive

It was also pointed out by a participant that the U.S. proposed framework falls short:
- It has no communication of what constitutes voluntary adoption or implementation
- It lacks guidance to enterprises to prioritize implementation
- There is no insight into how critical CBA will be integrated
- There is no workable risk assessment tool

Some participant reactions to the proposed U.S. framework included: If we can show that we're up to date with the latest standards, how do you get a heart-beat monitor of how your firm is doing on Cybersecurity -- as opposed to just compliance one time. I want an operational risk assessment. If I don't understand the landscape I'm operating in, I only have half the job done. There're hardly any international standards on this. They might be useful to some extent, but if you have a more global footprint for this, it's more difficult. We think security has to be cheaper and easier in order for it to be sustainable. In this world we have a problem which is that it is not limited to borders, and bad actors that are not either. Lots of companies are not just sitting in a single country. IT doesn't support the business anymore, IT is the business. If that's so, then cybersecurity isn't just an add-on, it's got to be central. This isn't an IT issue, that's right, it's got to be enterprise risk.

Break-Out Sessions on Key Cyber Security & Other Issues

The whole world is following a failed cybersecurity strategy. The reason we're talking about this is that we're coming to rely on cyber technologies for our daily safety and wellbeing, and at the same time these technologies are extremely vulnerable to exploits in an intercontinental range. When we look at the security space, we must think about the levers of risk management. What can we look at to change the risk? Threat mitigation, vulnerability mitigation, and consequence mitigation.
It's not a good tactical tool to put numbers in the formula I'm about to present, Risk = threat * vulnerability * consequence. There's a strategic truth to this. The multiplication function here is that if any of these variables is moved to zero, then the risk is zeroed out. However, it's impossible to reduce risk to zero with cyber. We've been so focused on vulnerability mitigation that we've been ignoring threat and consequence mitigation. My first suggestion is that bad guys are using the least sophisticated tool in their toolbox often times. So if you deny them access from one means, there may be many others.
Vulnerability mitigation measures work well against crimes of opportunity. When there's no fungibility in a target, we tend to not reduce vulnerability, but reduce threat or consequence. It's like installing an alarm in your house -- once you've defeated the perimeter, the alarm is a signal to the intruder that we're detecting you and about to confront you head on. You don't set off an alarm and then have the alarm company call a locksmith to fix the lock -- you call the police to stop the intruder.

In the tech world this is made complicated by the fact that the landscape is changing so quickly. The design elements and protocols on the internet were never really designed for threat deterrence. So the original element of the internet was interoperability, then bandwidth, then speed, then privacy. Privacy is difficult to talk about because we want to give good guys privacy, but bad guys get attribution. Is it possible to make design elements that do this? Provide privacy assurance and deviance attribution? It's possible that the areas of the network that need the greatest security may require the least privacy. The power grid, for example. The power grid needs no privacy -- in fact we want to be quite sensitive to who is using parts of it. That's very different from Twitter or or voice. This is a concept of being able to define specific systems and services, not just one large solution set.

Report Backs, Conclusions & Next Steps to Advance Collective Action

In discussing liquidity and payments systems in financial services from a vulnerability point of view a participant explained, The networks are very hardened. But the end-users are pretty insecure. The market would not withstand an integrity violation in digital money. We've been moving towards a risk management model, where everyone gets to decide for themselves what their most sensitive information is. There isn't any standard metric for distinguishing ROI on cybersecurity efforts.
I would posit to this group that this is not an effective way of looking at strategy. We started out with diminishing returns on security spending, where now I think we've got negative returns, where things we're doing are making it worse. There's a lot of thinking that there are escalating costs without any real gains since we can't measure success in a meaningful way.
DATA SHEET Security Awareness Training Solutions A guide to available Dell SecureWorks services At Dell SecureWorks, we strive to be a trusted security advisor to our clients. Part of building this trust
More informationHealthcare Security: Improving Network Defenses While Serving Patients
White Paper Healthcare Security: Improving Network Defenses While Serving Patients What You Will Learn Safeguarding the privacy of patient information is critical for healthcare providers. However, Cisco
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationSecurity & SMEs. An Introduction by Jan Gessin. Introduction to the problem
Security & SMEs An Introduction by Jan Gessin Introduction to the problem SMEs convinced it will never happen to them. In many ways SMEs are more of a target than big business. Harsh realities of the online
More informationWHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
More informationCYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE
CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE WHITE PAPER www.cibecs.com 2 Table of ontents 01 02 03 04 05 EXECUTIVE SUMMARY: CYBER SECURITY MANAGING YOUR ATTACK SURFACE DATA VULNERABILITY 1 THE ENDPOINT
More informationStatement for the Record. Martin Casado, Senior Vice President. Networking and Security Business Unit. VMware, Inc. Before the
Testimony Statement for the Record Martin Casado, Senior Vice President Networking and Security Business Unit VMware, Inc. Before the U.S. House of Representatives Committee on Science, Space, and Technology
More informationManaging the Unpredictable Human Element of Cybersecurity
CONTINUOUS MONITORING Managing the Unpredictable Human Element of Cybersecurity A WHITE PAPER PRESENTED BY: May 2014 PREPARED BY MARKET CONNECTIONS, INC. 14555 AVION PARKWAY, SUITE 125 CHANTILLY, VA 20151
More informationThreat Intelligence. Benefits for the enterprise
Benefits for the enterprise Contents Introduction Threat intelligence: a maturing defence differentiator Understanding the types of threat intelligence: from the generic to the specific Deriving value
More informationInternet Governance and Cybersecurity Patrick Curry MACCSA patrick.curry@maccsa.net
Internet Governance and Cybersecurity Patrick Curry MACCSA patrick.curry@maccsa.net This project has received funding from the European Union s Seventh Framework Programme for research, technological development
More information2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security
2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationNational Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009
National Security & Homeland Security Councils Review of National Cyber Security Policy Submission of the Business Software Alliance March 19, 2009 Question # 1: What is the federal government s role in
More informationIs security awareness a waste of time?
Is security awareness a waste of time? New York State Cyber Security Conference June 5, 2013 Scott Gréaux Vice President Product Management and Services, PhishMe, Inc. They are exploiting human vulnerabilities
More informationCritical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION
Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION ALBERTO AL HERNANDEZ, ARMY RESERVE OFFICER, SOFTWARE ENGINEER PH.D. CANDIDATE, SYSTEMS ENGINEERING PRESENTATION
More informationRedefining Incident Response
Redefining Incident Response How to Close the Gap Between Cyber-Attack Identification and Remediation WHITE PAPER - How to Close the Gap Between Cyber-Attack Identification and Remediation 1 Table of Contents
More informationTHE WHITE HOUSE Office of the Press Secretary
FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly
More informationRethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
More informationBSA GLOBAL CYBERSECURITY FRAMEWORK
2010 BSA GLOBAL CYBERSECURITY FRAMEWORK BSA GLOBAL CYBERSECURITY FRAMEWORK Over the last 20 years, consumers, businesses and governments 1 around the world have moved online to conduct business, and access
More informationNational Cyber Security Strategies: United States
National Cyber Security Strategies: United States Audrey L. Plonk Director, Cybersecurity and Internet Governance Intel Corporation 1 ICSS 2013 Trends: National Cybersecurity Strategies New strategies
More information8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014
8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014 8 Ways to Better Monitor Network Security Threats in the Age of BYOD 2 Unless you operate out of a cave, chances are your
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationCYBERSECURITY HOT TOPICS
1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationPreempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions
Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com blog.coresecurity.com Preempting
More informationSurviving the Era of Hack Attacks Cyber Security on a Global Scale
Surviving the Era of Hack Attacks Cyber Security on a Global Scale Dr. Adriana Sanford ASU Lincoln Professor of Global Corporate Compliance and Ethics Clinical Associate Professor of Law and Ethics This
More informationChanging Legal Landscape in Cybersecurity: Implications for Business
Changing Legal Landscape in Cybersecurity: Implications for Business Presented to Greater Wilmington Cyber Security Group Presented by William R. Denny, Potter Anderson & Corroon LLP May 8, 2014 Topics
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More informationEducation as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft
Education as a defense strategy Jeannette Jarvis Group Program Manager PSS Security Microsoft Introduction to End User Security Awareness End User Security Awareness Challenges Understanding End User
More information